Several several binaries have odd behavior including core dumps and
changing permissions on device files.

The intent of the below gdb and strace dumps is only to show why we
feel these issues are difficult to exploit on linux. We do not feel
that we are disclosing Intellectual Property in any way. No anti
debug routines are enforced by the below applications. The point is
to show what calls are causing the problem. The result could vary on
a different unix platform or processor.

In order to exploit the uvsetacc behvior, you must be logged in as user
uvadm. The creation and use of the Unix user 'uvadm' is optional for
UniVerse. It is not required for the successfull installation, configuration
and administration of UniVerse. The intended use of uvadm is to allow a
selected, specific non-root user to perform all aspects of UniVerse
administration.

Vendor Status : The IBM U2 staff will have this issue resolved
in a future release of IBM U2. Patches may also be supplied on a per
client basis at IBM's disgression.

Bugtraq URL : to be assigned

------------------------------------------------------------------------
This advisory was released by Secure Network Operations,Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories. Contact research@secnetops.com for information on how
to obtain exploit information.